PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-23364 Linux CVE debrief

CVE-2026-23364 is a HIGH severity vulnerability in the Linux kernel ksmbd subsystem. The kernel compared message authentication codes (MACs) with memcmp(), which is not constant-time: it stops at the first differing byte, so the time a comparison takes leaks how much of a supplied MAC matched the expected value, which is the basis of a timing attack. The issue has been resolved by replacing memcmp() with the constant-time function crypto_memneq(). Affected Linux kernel versions include 5.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.19, and 6.19 to 6.19.7. Defenders should prioritize patching because of the HIGH CVSS score of 7.4 and because the flaw is reachable over the network.

Vendor: Linux
Product: kernel
CVSS: HIGH 7.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-25
Original CVE updated: 2026-06-19
Advisory published: 2026-03-25
Advisory updated: 2026-06-19

Who should care

System administrators and security teams responsible for Linux kernel-based systems, especially those running the in-kernel SMB server ksmbd, should prioritize patching this vulnerability. Given the HIGH CVSS severity score of 7.4 and the fact that the flaw is reachable over the network, defenders should assess their exposure, apply patches promptly, and put compensating controls in place where patching must wait.

Technical summary

The Linux kernel ksmbd subsystem is vulnerable to a timing attack because it compared MACs in non-constant time. The comparison used memcmp(), which returns as soon as it finds a differing byte, so the comparison time depends on how many leading bytes of a supplied MAC match the expected value; an attacker measuring that time could learn how much of a MAC matched. The issue has been resolved by replacing memcmp() with the constant-time function crypto_memneq(), which examines every byte regardless of where the inputs differ. Affected versions include Linux kernel 5.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.19, and 6.19 to 6.19.7.
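The following is an added example, written for this debrief; it is not kernel or ksmbd code. It shows the two comparison shapes side by side: an early-exit comparison (the behaviour memcmp() is permitted to have) and a constant-time comparison with the same contract as !crypto_memneq(), which returns zero when the buffers are equal. Each function also reports how many bytes it examined, the quantity a timing side channel observes. The 16-byte MAC length and the MAC values are constructed for the demo and are not taken from ksmbd.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a 16-byte MAC (the length is an assumption for this
 * demo, not taken from ksmbd). */
#define MAC_LEN 16

static const uint8_t EXPECTED_MAC[MAC_LEN] = {
    0x1f, 0x8b, 0x08, 0x00, 0xa3, 0x5c, 0x77, 0x12,
    0xde, 0xad, 0xbe, 0xef, 0x42, 0x13, 0x37, 0x99 };

/* Constructed forgery attempts: mismatch at the first byte and at the last. */
static const uint8_t MAC_WRONG_FIRST[MAC_LEN] = {
    0x00, 0x8b, 0x08, 0x00, 0xa3, 0x5c, 0x77, 0x12,
    0xde, 0xad, 0xbe, 0xef, 0x42, 0x13, 0x37, 0x99 };
static const uint8_t MAC_WRONG_LAST[MAC_LEN] = {
    0x1f, 0x8b, 0x08, 0x00, 0xa3, 0x5c, 0x77, 0x12,
    0xde, 0xad, 0xbe, 0xef, 0x42, 0x13, 0x37, 0x00 };

/* Vulnerable shape: an early-exit comparison, which is what memcmp() may do
 * (it only has to report which input is "greater", so it can stop at the
 * first differing byte). *examined receives the number of bytes touched.
 * Returns 1 if equal, 0 otherwise. */
int mac_equal_early_exit(const uint8_t *expected, const uint8_t *received,
                         size_t len, size_t *examined)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (expected[i] != received[i]) {
            if (examined) *examined = i + 1;
            return 0;
        }
    }
    if (examined) *examined = len;
    return 1;
}

/* Hardened shape, same contract as !crypto_memneq(): XOR every byte pair into
 * an accumulator and inspect it only at the end, so the work done is the same
 * whether the inputs differ at byte 0, at byte 15 or nowhere. The kernel uses
 * compiler barriers to stop the optimiser from reintroducing an early exit;
 * volatile is the portable stand-in used here. */
int mac_equal_constant_time(const uint8_t *expected, const uint8_t *received,
                            size_t len, size_t *examined)
{
    volatile uint8_t diff = 0;
    uint8_t d;
    size_t i;
    for (i = 0; i < len; i++)
        diff |= expected[i] ^ received[i];
    if (examined) *examined = len;
    /* Fold diff to 0 (equal) or 1 (different) without a data-dependent
     * branch: for any non-zero byte d, (d | -d) has its top bit set. */
    d = diff;
    return 1 - (((d | (uint8_t)(-d)) >> 7) & 1);
}

/* Wrappers that return only the byte count, for the demo and checks. */
size_t examined_early_exit(const uint8_t *expected, const uint8_t *received)
{
    size_t n = 0;
    mac_equal_early_exit(expected, received, MAC_LEN, &n);
    return n;
}

size_t examined_constant_time(const uint8_t *expected, const uint8_t *received)
{
    size_t n = 0;
    mac_equal_constant_time(expected, received, MAC_LEN, &n);
    return n;
}

int main(void)
{
    printf("mismatch at byte 0:  early-exit examined %zu bytes, constant-time %zu\n",
           examined_early_exit(EXPECTED_MAC, MAC_WRONG_FIRST),
           examined_constant_time(EXPECTED_MAC, MAC_WRONG_FIRST));
    printf("mismatch at byte 15: early-exit examined %zu bytes, constant-time %zu\n",
           examined_early_exit(EXPECTED_MAC, MAC_WRONG_LAST),
           examined_constant_time(EXPECTED_MAC, MAC_WRONG_LAST));
    printf("valid MAC accepted:  early-exit %d, constant-time %d\n",
           mac_equal_early_exit(EXPECTED_MAC, EXPECTED_MAC, MAC_LEN, NULL),
           mac_equal_constant_time(EXPECTED_MAC, EXPECTED_MAC, MAC_LEN, NULL));
    return 0;
}
```

Running it shows the early-exit version examining 1 byte for a first-byte mismatch and 16 for a last-byte mismatch, while the constant-time version examines all 16 bytes in every case. When reviewing code that authenticates network messages, the pattern to look for is exactly the one the patch removed: a MAC, tag or signature compared with memcmp(), strcmp() or a hand-written loop that returns on the first difference.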

Defensive priority

High priority, given the CVSS score of 7.4 and the potential for network-based attacks.

Recommended defensive actions

  • Inventory Linux kernel-based systems using ksmbd
  • Review official Linux kernel advisories and patches
  • Apply patches or vendor-supported remediation for affected versions
  • Monitor for potential exploitation attempts
  • Review compensating controls if patching is not feasible

Evidence notes

The primary evidence for this vulnerability comes from the NVD CVE record and the Linux kernel patch references. The vulnerability affects multiple versions of the Linux kernel, specifically those using ksmbd. Defenders should verify the affected versions (5.15.1 to 6.1.167, 6.2 to 6.6.130, 6.7 to 6.12.78, 6.13 to 6.18.19, and 6.19 to 6.19.7) and review official sources for patch information.

Official resources

This article is AI-assisted and based on the supplied source corpus.